<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE topic
  PUBLIC "-//OASIS//DTD DITA Composite//EN" "ditabase.dtd">
<topic id="topic1" xml:lang="en">
  <title id="hn141670">pg_roles</title>
  <body>
    <p>The view <codeph>pg_roles</codeph> provides access to information about database roles. This
      is simply a publicly readable view of <xref href="pg_authid.xml#topic1">pg_authid</xref> that
      blanks out the password field. This view explicitly exposes the OID column of the underlying
      table, since that is needed to do joins to other catalogs.</p>
    <table id="hn141982">
      <title>pg_catalog.pg_roles</title>
      <tgroup cols="4">
        <colspec colnum="1" colname="col1" colwidth="131pt"/>
        <colspec colnum="2" colname="col2" colwidth="86pt"/>
        <colspec colnum="3" colname="col3" colwidth="85pt"/>
        <colspec colnum="4" colname="col4" colwidth="147pt"/>
        <thead>
          <row>
            <entry colname="col1">column</entry>
            <entry colname="col2">type</entry>
            <entry colname="col3">references</entry>
            <entry colname="col4">description</entry>
          </row>
        </thead>
        <tbody>
          <row>
            <entry colname="col1">
              <codeph>rolname</codeph>
            </entry>
            <entry colname="col2">name</entry>
            <entry colname="col3"/>
            <entry colname="col4">Role name</entry>
          </row>
          <row>
            <entry colname="col1">
              <codeph>rolsuper</codeph>
            </entry>
            <entry colname="col2">bool </entry>
            <entry colname="col3"/>
            <entry colname="col4">Role has superuser privileges</entry>
          </row>
          <row>
            <entry colname="col1">
              <codeph>rolinherit</codeph>
            </entry>
            <entry colname="col2">bool</entry>
            <entry colname="col3"/>
            <entry colname="col4">Role automatically inherits privileges of roles it is a member
              of</entry>
          </row>
          <row>
            <entry colname="col1">
              <codeph>rolcreaterole</codeph>
            </entry>
            <entry colname="col2">bool </entry>
            <entry colname="col3"/>
            <entry colname="col4">Role may create more roles</entry>
          </row>
          <row>
            <entry colname="col1">
              <codeph>rolcreatedb</codeph>
            </entry>
            <entry colname="col2">bool </entry>
            <entry colname="col3"/>
            <entry colname="col4">Role may create databases</entry>
          </row>
          <row>
            <entry colname="col1">
              <codeph>rolcatupdate</codeph>
            </entry>
            <entry colname="col2">bool</entry>
            <entry colname="col3"/>
            <entry colname="col4">Role may update system catalogs directly. (Even a superuser may
              not do this unless this column is true.)</entry>
          </row>
          <row>
            <entry colname="col1">
              <codeph>rolcanlogin</codeph>
            </entry>
            <entry colname="col2">bool</entry>
            <entry colname="col3"/>
            <entry colname="col4">Role may log in. That is, this role can be given as the initial
              session authorization identifier</entry>
          </row>
          <row>
            <entry colname="col1">
              <codeph>rolconnlimit</codeph>
            </entry>
            <entry colname="col2">int4</entry>
            <entry colname="col3"/>
            <entry colname="col4">For roles that can log in, this sets maximum number of concurrent
              connections this role can make. -1 means no limit </entry>
          </row>
          <row>
            <entry colname="col1">
              <codeph>rolpassword</codeph>
            </entry>
            <entry colname="col2">text</entry>
            <entry colname="col3"/>
            <entry colname="col4">Not the password (always reads as ********)</entry>
          </row>
          <row>
            <entry colname="col1">
              <codeph>rolvaliduntil </codeph>
            </entry>
            <entry colname="col2">timestamptz</entry>
            <entry colname="col3"/>
            <entry colname="col4">Password expiry time (only used for password authentication); NULL
              if no expiration</entry>
          </row>
          <row>
            <entry colname="col1">
              <codeph>rolconfig </codeph>
            </entry>
            <entry colname="col2">text[]</entry>
            <entry colname="col3"/>
            <entry colname="col4">Role-specific defaults for run-time configuration variables</entry>
          </row>
          <row>
            <entry colname="col1">
              <codeph> rolresqueue</codeph>
            </entry>
            <entry colname="col2">oid</entry>
            <entry colname="col3">pg_resqueue.oid</entry>
            <entry colname="col4">Object ID of the resource queue this role is assigned to.</entry>
          </row>
          <row>
            <entry colname="col1">
              <codeph>oid</codeph>
            </entry>
            <entry colname="col2">oid</entry>
            <entry colname="col3">pg_authid.oid</entry>
            <entry colname="col4"> Object ID of role</entry>
          </row>
          <row>
            <entry colname="col1">
              <codeph>rolcreaterextgpfd</codeph>
            </entry>
            <entry colname="col2">bool</entry>
            <entry colname="col3"/>
            <entry colname="col4">Role may create readable external tables that use the gpfdist
              protocol.</entry>
          </row>
          <row>
            <entry colname="col1">
              <codeph>rolcreaterexthttp</codeph>
            </entry>
            <entry colname="col2">bool</entry>
            <entry colname="col3"/>
            <entry colname="col4">Role may create readable external tables that use the http
              protocol.</entry>
          </row>
          <row>
            <entry colname="col1">
              <codeph>rolcreatewextgpfd</codeph>
            </entry>
            <entry colname="col2">bool</entry>
            <entry colname="col3"/>
            <entry colname="col4">Role may create writable external tables that use the gpfdist
              protocol.</entry>
          </row>
          <row>
            <entry colname="col1">
              <codeph> rolresgroup</codeph>
            </entry>
            <entry colname="col2">oid</entry>
            <entry colname="col3">pg_resgroup.oid</entry>
            <entry colname="col4">Object ID of the resource group to which this role is assigned.</entry>
          </row>
        </tbody>
      </tgroup>
    </table>
  </body>
</topic>
